Image

“No matter the size of your organization, you must treat cybersecurity seriously. If you were lucky enough not to have been directly affected by WannaCry or Petya, take it as an opportunity to get your cybersecurity house in order. Remember, you don’t have nine lives. All it takes is one data breach or another WannaCry and your company has lost data, money, credibility and most importantly, customer trust, which is one of the most difficult things to recover."The survey wasn't entirely doom and gloom. Eighty-five percent of those surveyed said their organization is making appropriate investments in solutions that can help mitigate its digital security risks. It's reassuring to hear so many organizations are investing in security technologies and other defenses. But hopefully, those companies are doing more than just that. Erlin identifies another method of protection that organizations should be actively pursuing in the aftermath of WannaCry and NotPetya:
"One of the most important tools, and probably the one that gets overlooked, is education. Malware attacks often rely on social engineering and playing on the weakness of human nature. The recent malware attacks are perfect examples of where a sound, consistent education program could have either prevented or reduced the impact of the attack."In other words, technology is a crucial component of a digital security policy. But businesses don't run themselves. People do, which means employees need to be aware of and ideally help hold the line against digital threats like WannaCry and NotPetya. At the same time, organizations should aim to reduce their digital security risk by implementing foundational security controls such as the Center for Internet Security's top 20 critical security controls (CIS CSC). Erlin agreed:
“Adopting best practices and leveraging critical security controls continues to be the best bet for defending against advanced adversaries, and can help close the gap within a business’s security infrastructure. There is solid research that supports the claim that the vast majority of attacks are due to known vulnerabilities and preventable misconfigurations. It is important to understand that good security hygiene will greatly reduce the effectiveness of an attack and goes a long way to making the attackers job more difficult.”
Image
